Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5470
Views
0
Helpful
4
Replies

Cisco ISE 2.3 Install Patch 5 distributed deployment

Go to solution
Johannes2110
Level 1
Level 1

‎10-12-2018 07:10 AM - edited ‎10-12-2018 07:11 AM

Hello all,

i've read through this document

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100.html#ID265

 

but did not state 

I have cisco ISE 2.3 distributed deployment 4 nodes, and I planning to update the patch, right now the condition is my ISE wasn't patch before, still the base version of Cisco ISE 2.3.

can I jump directly install into the patch 5 without install the 1 - 4 patches? and what happen if I just install the patch into some of the ISE nodes 2 nodes first and the other 2 nodes still using the base version in the distributed deployment?

there some document or link or answer for this case?

 

Thank you all

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎10-12-2018 07:21 AM

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100.html#ID265


Cisco ISE Software Patches

Cisco ISE software patches are usually cumulative. Cisco ISE allows you to perform patch installation and rollback from CLI or GUI.

View solution in original post

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎10-12-2018 08:04 AM

I'll add to what Jason posted. If you want to patch 2 nodes + validate, then complete patching the other two nodes, you should patch from the CLI. If you patch from the GUI it will run through all four nodes sequentially, you don't have much control over the process.

ISE CLI command for reference
patch install ise-patchbundle-2.3.0.298-Patch5-18082702.SPA.x86_64.tar.gz <repository-name-that-holds-patch file>

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎10-12-2018 07:21 AM

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100.html#ID265


Cisco ISE Software Patches

Cisco ISE software patches are usually cumulative. Cisco ISE allows you to perform patch installation and rollback from CLI or GUI.
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎10-12-2018 08:04 AM

I'll add to what Jason posted. If you want to patch 2 nodes + validate, then complete patching the other two nodes, you should patch from the CLI. If you patch from the GUI it will run through all four nodes sequentially, you don't have much control over the process.

ISE CLI command for reference
patch install ise-patchbundle-2.3.0.298-Patch5-18082702.SPA.x86_64.tar.gz <repository-name-that-holds-patch file>
0 Helpful

Go to solution
Johannes2110
Level 1
Level 1
In response to Damien Miller

‎10-12-2018 08:28 AM

so I can directly jump install to the latest patch (patch 5) without install the patch version  (1-4) before? And it is okay to install the patch for only two nodes first and the other 2 nodes still in base version? it wouldn't take effect to the ISE if they have different version?

 

thank you

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Johannes2110

‎10-12-2018 09:19 AM

There will be no issue going straight to Patch 5. No one will recommend you run mixed patches for an extended period but it will work while validating. Removing a patch takes very little time, baring any catastrophic node failures during install, if you run in to a production impacting issue then you can easily roll back the patches, nodes have to reload during patch install/removal.
0 Helpful
Customers Also Viewed These Support Documents